One of the biggest problems with cryptocurrency exchanges is that they're a juicy, enticing target for high-tech criminals. Case in point, Italian exchange BitGrail, which lost $170 million worth of Nano tokens, a little-known digital coin previously called RaiBlocks. BitGrail is the second exchange to lose a massive amount of money this year -- and it's only February -- following Tokyo-based Coincheck, which lost between $400 and $534 million worth of coins in a cyberattack on its internet-connected wallet back in January.
BitGrail announced on its website that it lost $170 million to fraudulent transactions and that it has already reported them to authorities. It has suspended all withdrawals and deposits "in order to conduct further verifications." However, unlike Coincheck, which promised to give users their money back, BitGrail founder Francesco "The Bomber" Firano announced on Twitter that there's no way to refund 100 percent of what users lost.
While BitGrail's loss is in no way as massive as Mt. Gox's, it's still steeped in controversy. The Nano team said that they have no "reason to believe the loss was due to an issue in the Nano protocol" and that the "problems appear to be related to BitGrail's software." They also published a copy of their conversation with the exchange's founder and said that Francesco suggested they modify the ledger to cover his losses. It doesn't help that BitGrail recently required users to verify their accounts to be able to withdraw their coins beyond a certain amount, and some people have reportedly been waiting for verification since December. More recently, the exchange announced that it would no longer serve non-EU users due to what it said are legal complications. Team Nano wrote in their latest statement: "We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time."
On Twitter, Francesco said Nano's claims are nothing but "unfounded allegations." He added that he told the police that the Nano team published their private convo, which could compromise the investigation.
In the wake of the unfounded accusations made against me by the dev team and of the dissemination of private conversations that compromise police investigations, Bitgrail s.r.l. is forced to contact the police in order to protect its rights and users — Francesco The Bomber (@bomberfrancy) February 10, 2018
NANO on BitGrail have been stolen. Unfortunately there is no way to give it back to you at 100% (we only got 4 MLN XRN right now). The devs, as you have guessed, don't want to collaborate — Francesco The Bomber (@bomberfrancy) February 9, 2018
Source: The Wall Street Journal

The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The hack may have compromised more driver's license info, such as the issuing date and host state, as well as tax IDs. In theory, it would be that much easier for intruders to commit fraud. The breach compromised about 145.5 million people, although their level of exposure varied wildly. About 10.9 million Americans' driver's licenses were embroiled in the hack, and just a small fraction of the exposed UK licenses (just under 700,000) had enough info to jeopardize the victims' privacy.
Equifax stressed to CNN that the initial list of exposed data was never meant to be the final, definitive account of the scope of the problem. And that's not unheard of -- companies frequently deliver rough assessments of the damage in the immediate aftermath and refine the numbers as they learn more. However, that explanation might not be enough for officials. Senators are already clamoring for a thorough investigation, and want to know the full extent of what happened. This update gives them more of what they want, but it also raises the question of why the company is still determining the scope of the breach nearly half a year after it was made public.
Source: CNN Money

MoviePass' $10-per-month subscription service was a hit from the start, enough to crash the company's website when it was first announced. It looks like demand isn't slowing down anytime soon either: it has gained 500,000 more subscribers merely a month after it reached 1.5 million users. The fact that MoviePass cut off members' access to some popular AMC theaters had little effect, if any. It's easy to see why 2 million would sign up: for 10 bucks a month -- an ongoing promo even cuts the price down to $7.95 -- they're entitled to see one 2D film a day, every day, without paying extra. In 2017, members bought $110 million worth of tickets and generated an additional $146 million in ticket sales by bringing non-members to showings. MoviePass chief Mitch Lowe said in a statement: "We're giving people a reason to go back to the movie theaters, and they're going in droves. With awards season here, we hope we can make Hollywood and exhibitors very happy by filling seats with eager audiences."
As Bloomberg said, though, all these new users are both a blessing and a curse to the company. Every time a member watches a movie, the service pays for that subscriber's ticket at full price. It loses money for every member that watches two movies a month, and its accountants apparently already warned the company that its system might not be viable in the long run. AMC shares the same sentiment and once called the business model unsustainable. It's like turning "lead into gold," the theater chain said in a statement last year. So, how does MoviePass plan to make money if subscribers aren't bringing in the cash? It's hoping to sell ads, merchandise and data on moviegoers' habits, as well as to get a cut of theaters' refreshment sales as they go up from all the viewers it brings to cinemas. The company is also hoping to convince theater chains to sell it tickets for its members at a discounted rate.
It's unclear if MoviePass is already making headway with those plans, but when it dropped several AMC locations from its list, it said that the set of theaters it works with is subject to change as it "continue[s] to strive for mutually-beneficial relationships with" them. AMC chief Adam Aron has been quite a vocal critic of the service and already proclaimed that the chain has no intention of sharing its admissions or concessions revenue.
Source: Bloomberg, Variety

According to a report by The Wall Street Journal, Amazon is planning to take on UPS and FedEx with a new shipping service named "Shipping with Amazon" (SWA). The new service will reportedly roll out in Los Angeles in the coming weeks. Ars Technica reports: Aside from first starting in LA, SWA will first serve third-party merchants that already sell on Amazon. The company plans to send drivers to pick up shipments from these businesses and deliver the packages for them. While shipping and delivery will mostly go through Amazon, anything outside of the retailer's reach will be given to the USPS and other shipping services for the "last mile" portion of the delivery. In the future, Amazon reportedly wants to open up SWA to businesses that aren't affiliated with the site -- meaning Amazon could ship and deliver packages from companies of all sizes. Amazon also believes it can compete with UPS and FedEx by making SWA more affordable for business customers, but its pricing structure hasn't been revealed.

Google's Android Messages app could soon get a dramatic makeover with some interesting new features, judging by an APK teardown by XDA Developers and Android Police. Most significantly, it looks like you'll be able to pair your phone with a computer and text directly from a browser like Chrome, Firefox and Safari, much as you can with Google's Allo messaging app. Unlike Allo, however, Android Messages could allow you to send mobile SMSes rather than web messages, making texting a fair amount easier. To use it, you may have to scan a QR code on your PC or Mac, then pair your device each time you want to text. The feature appears to be partially implemented in the latest Android Messages 2.9 APK, but you can't yet send an actual text.
The APK also hints at the ability to send and receive payments, likely via Google Pay, potentially opening that service up to many more users. There are also signs that something called Google Enhanced Messaging, probably similar to Smart Replies for Gmail, Allo and Inbox, is coming to Android Messages. All told, Google appears to be transforming Android Messages into an Allo-like app, except for mobile SMS texts instead of web-based ones. It could also be monetizing it to a degree via Google Pay. Considering the power it wields over the Android smartphone ecosystem, that could amount to a lot of dollars. Take all the changes with some salt, though, because APKs don't necessarily mean features are set in stone, and some of the aforementioned features are still half-baked.
Source: XDA Developers, Android Police

Researchers in the UK and the US have taken human eggs in their earliest stage and developed them to maturity in a lab for the first time. It's a big achievement that could open up new avenues for infertility treatment and give scientists a better understanding of how the egg development process works and how it can go wrong. While this has been done before in mice, in experiments that have resulted in live offspring, this is the first time it has been done with human eggs.
The research team had previously developed a protocol wherein they could take eggs in later stages of development and bring them to maturity, and they expanded that protocol in an attempt to develop eggs from start to finish in the lab. They took samples of ovarian tissue from 10 women while they were undergoing caesarean section surgery and cultured sections of that tissue that have the ability to release an egg, structures known as follicles. The follicles were cultured in a multi-step procedure that allowed for eggs to develop. At the end of each step, follicles, and eventually eggs, that had successfully matured further were moved to the following step. The team initially isolated 87 follicles and by the end of the 21-day procedure, nine eggs reached a stage of maturity that would in theory allow them to be fertilized with sperm and develop into an embryo.
While only 37 percent of the early-stage follicles resulted in a fully grown egg and only 10 percent achieved levels of maturity that could allow for reproduction, it's still an important step in the study of egg development, or oogenesis. Ali Abbara, an endocrinology senior lecturer at the Imperial College of London who wasn't involved with the study, told Reuters, "The technology remains at an early stage, and much more work is needed to make sure that the technique is safe and optimized before we ascertain whether these eggs remain normal during the process, and can be fertilized to form embryos that could lead to healthy babies."
Evelyn Telfer, a researcher at the University of Edinburgh and the leader of the study, told Reuters that the team is now working on optimizing this process and evaluating how healthy the resulting eggs are. One next step is to try to fertilize the eggs with sperm to see if they can result in a viable embryo -- work that requires a licence that the team doesn't yet have.
This work could help improve IVF treatments in the future and could particularly help girls with cancer. They typically have pieces of their ovaries removed and preserved prior to receiving cancer treatments that might damage their follicles. However, if there's a chance that the tissue has cancer cells, it can't be reimplanted later on. If doctors could mature those eggs outside of her body, those eggs could still be used without introducing risk to the woman. Additionally, in cases where women have a condition that prevents the development of their eggs, this type of research could help scientists understand why that happens. "There are several conditions in which women lose their eggs much earlier in life, or they don't grow," Telfer told New Scientist. "If we could understand the process...we could develop treatments for that." The research was published in Molecular Human Reproduction.
Via: Reuters
Source: Molecular Human Reproduction

darthcamaro writes: Apparently YouTube isn't the only site that is draining CPU power with unauthorized cryptocurrency miners. A water utility provider in Europe is literally being drained of its CPU power via a cryptojacking attack that was undetected for three weeks. eWeek reports: "At this point, Radiflow's (the security firm that discovered the cryptocurrency mining malware) investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Radiflow CTO Yehonatan Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Radiflow's CEO, Ilan Barda, noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems." Radiflow doesn't know how much Monero (XMR) cryptocurrency was mined by the malware, but a recent report from Cisco's Talos research group revealed that some of the top unauthorized cryptocurrency campaigns generate over a million dollars per year. The average system would generate nearly $200,000 per year.

Splitting photons up into a collection of neighboring frequencies may help with quantum computation. (credit: NIST)
Way back when I started writing for Ars, experimental quantum computing had just started to take off. At the time, the big demonstrations of quantum computation were very simple calculations, performed using single photons as repositories of quantum information. Back then, demonstrating even a single logical gate was a challenge. Light ruled the roost, and charged particles were reduced to the status of not-quantum-enough. That changed, of course. Now, all the big demonstrations make use of charged particles: little superconducting current loops, rows of ions, or others. Light, it seems, has been reduced to a way of moving qubits between charged particles. But a recent result shows that there is life left in photon-based quantum computers and that the degree of parallelization available to a photon-based quantum computer will be difficult to beat using other qubit technologies.

If you've never seen an octopus hatch, now is your chance. These cute baby Caribbean reef octopuses, the size of a pinky nail, were hatched at the Virginia Aquarium. The way they immediately darken to purple is a fun surprise.
According to The Verge: The video, posted by the Virginia Aquarium, shows a baby Caribbean reef octopus (Octopus briareus) no bigger than a pinky nail hatching from a bundle of eggs. As for the color change, these octopuses are known to be masters of disguise. “It was going into an instant camouflage as soon as it came out of the egg,” says Julie Levans, senior curator at the aquarium. These octopuses use specialized muscles to open and close little sacs of pigment in their skin called chromatophores — and this little guy was probably responding to the black tabletop beneath its tank. The baby octopus’s mom arrived at the aquarium about six months ago, and four months later, she laid between 100 and 200 eggs. Since this softball-sized species is solitary and also sometimes cannibalistic, this octopus lives alone at the aquarium. The eggs themselves weren’t surprising — female octopuses typically lay eggs. “What did catch us by surprise was the fact that they were fertilized,” Levans says.
ICYMI: Your daily squee has arrived. #octobabies pic.twitter.com/D9e5T5bkun — Virginia Aquarium (@VAAquarium) February 7, 2018

Photographer Benny Lam spent several years documenting grim living conditions in Hong Kong where people live inside tiny "coffin cubicles" within illegally divided apartments. The images are grim glimpses of life in the city with the most expensive housing market in the world. The photo series is titled "Trapped."
From National Geographic: Pushed out by soaring rents, tens of thousands of people have no other option than to inhabit squatter huts, sub-divided units where the kitchen and toilet merge, coffin cubicles, and cage homes, which are rooms measuring as small as 6’ x 2.5’ traditionally made of wire mesh. “From cooking to sleeping, all activities take place in these tiny spaces,” says Lam. To create the coffin cubicles a 400 square flat will be illegally divided by its owner to accommodate 20 double-decker beds, each costing about HK$2000 (over $250 USD) per month in rent. The space is too small to stand up in.

About Ken May

Kenneth May is a certified cybersecurity professional. He and his team offer services such as Advanced Vulnerability Assessments, Network Penetration Testing, Web Application Penetration Testing, and a wide array of compliance services covering HIPAA, PCI, and the various NIST & DOD requirements. Ken is a Community mentor for SANS, the largest Cybersecurity certification preparation company in the world, and carries both the GSEC and GPEN (Certified Ethical Hacker and Penetration Tester) certifications. He has recently been accepted into the FBI’s InfraGard program, as a recognized protector of critical national infrastructure. This program gives him deep access to information and resources to protect his clients.